A vulnerability in the web-based GUI of Cisco Adaptive Security Appliance (ASA) CX Context-Aware Security could allow an authenticated, remote attacker to enumerate users and read user information without belonging to a role that allows those operations.
The vulnerability is due to insufficient authorization controls. An attacker could exploit this vulnerability by sending an HTTP request to a specific URL.
Cisco has not released software updates that address this vulnerability. There are no workarounds that mitigate this vulnerability.
This advisory is available at the following link: http://ift.tt/1Mr1kXP
from Cisco Security Advisory http://ift.tt/1Mr1kXP
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.